1 // 2 // Permissions required by modules stored in a run-time image and loaded 3 // by the platform class loader. 4 // 5 // NOTE that this file is not intended to be modified. If additional 6 // permissions need to be granted to the modules in this file, it is 7 // recommended that they be configured in a separate policy file or 8 // ${java.home}/conf/security/java.policy. 9 // 10 11 grant codeBase "jrt:/java.activation" { 12 permission java.security.AllPermission; 13 }; 14 15 grant codeBase "jrt:/java.compiler" { 16 permission java.security.AllPermission; 17 }; 18 19 grant codeBase "jrt:/java.corba" { 20 permission java.security.AllPermission; 21 }; 22 23 grant codeBase "jrt:/java.scripting" { 24 permission java.security.AllPermission; 25 }; 26 27 grant codeBase "jrt:/java.security.jgss" { 28 permission java.security.AllPermission; 29 }; 30 31 grant codeBase "jrt:/java.smartcardio" { 32 permission javax.smartcardio.CardPermission "*", "*"; 33 permission java.lang.RuntimePermission "loadLibrary.j2pcsc"; 34 permission java.lang.RuntimePermission 35 "accessClassInPackage.sun.security.jca"; 36 permission java.lang.RuntimePermission 37 "accessClassInPackage.sun.security.util"; 38 permission java.util.PropertyPermission 39 "javax.smartcardio.TerminalFactory.DefaultType", "read"; 40 permission java.util.PropertyPermission "os.name", "read"; 41 permission java.util.PropertyPermission "os.arch", "read"; 42 permission java.util.PropertyPermission "sun.arch.data.model", "read"; 43 permission java.util.PropertyPermission 44 "sun.security.smartcardio.library", "read"; 45 permission java.util.PropertyPermission 46 "sun.security.smartcardio.t0GetResponse", "read"; 47 permission java.util.PropertyPermission 48 "sun.security.smartcardio.t1GetResponse", "read"; 49 permission java.util.PropertyPermission 50 "sun.security.smartcardio.t1StripLe", "read"; 51 // needed for looking up native PC/SC library 52 permission java.io.FilePermission "<<ALL FILES>>","read"; 53 permission java.security.SecurityPermission "putProviderProperty.SunPCSC"; 54 permission java.security.SecurityPermission 55 "clearProviderProperties.SunPCSC"; 56 permission java.security.SecurityPermission 57 "removeProviderProperty.SunPCSC"; 58 }; 59 60 grant codeBase "jrt:/java.sql" { 61 permission java.security.AllPermission; 62 }; 63 64 grant codeBase "jrt:/java.sql.rowset" { 65 permission java.security.AllPermission; 66 }; 67 68 grant codeBase "jrt:/java.xml.bind" { 69 permission java.security.AllPermission; 70 }; 71 72 grant codeBase "jrt:/java.xml.crypto" { 73 permission java.lang.RuntimePermission 74 "accessClassInPackage.sun.security.util"; 75 permission java.util.PropertyPermission "*", "read"; 76 permission java.security.SecurityPermission "putProviderProperty.XMLDSig"; 77 permission java.security.SecurityPermission 78 "clearProviderProperties.XMLDSig"; 79 permission java.security.SecurityPermission 80 "removeProviderProperty.XMLDSig"; 81 permission java.security.SecurityPermission 82 "com.sun.org.apache.xml.internal.security.register"; 83 permission java.security.SecurityPermission 84 "getProperty.jdk.xml.dsig.secureValidationPolicy"; 85 permission java.lang.RuntimePermission 86 "accessClassInPackage.com.sun.org.apache.xml.internal.*"; 87 permission java.lang.RuntimePermission 88 "accessClassInPackage.com.sun.org.apache.xpath.internal"; 89 permission java.lang.RuntimePermission 90 "accessClassInPackage.com.sun.org.apache.xpath.internal.*"; 91 }; 92 93 grant codeBase "jrt:/java.xml.ws" { 94 permission java.security.AllPermission; 95 }; 96 97 grant codeBase "jrt:/jdk.accessibility" { 98 permission java.lang.RuntimePermission "accessClassInPackage.sun.awt"; 99 }; 100 101 grant codeBase "jrt:/jdk.charsets" { 102 permission java.util.PropertyPermission "os.name", "read"; 103 permission java.util.PropertyPermission "sun.nio.cs.map", "read"; 104 permission java.lang.RuntimePermission "charsetProvider"; 105 permission java.lang.RuntimePermission 106 "accessClassInPackage.jdk.internal.misc"; 107 permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.cs"; 108 }; 109 110 grant codeBase "jrt:/jdk.crypto.ec" { 111 permission java.lang.RuntimePermission 112 "accessClassInPackage.sun.security.*"; 113 permission java.lang.RuntimePermission "loadLibrary.sunec"; 114 permission java.security.SecurityPermission "putProviderProperty.SunEC"; 115 permission java.security.SecurityPermission "clearProviderProperties.SunEC"; 116 permission java.security.SecurityPermission "removeProviderProperty.SunEC"; 117 }; 118 119 grant codeBase "jrt:/jdk.crypto.cryptoki" { 120 permission java.lang.RuntimePermission 121 "accessClassInPackage.sun.security.*"; 122 permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch"; 123 permission java.lang.RuntimePermission "loadLibrary.j2pkcs11"; 124 permission java.util.PropertyPermission "sun.security.pkcs11.allowSingleThreadedModules", "read"; 125 permission java.util.PropertyPermission "os.name", "read"; 126 permission java.util.PropertyPermission "os.arch", "read"; 127 permission java.security.SecurityPermission "putProviderProperty.*"; 128 permission java.security.SecurityPermission "clearProviderProperties.*"; 129 permission java.security.SecurityPermission "removeProviderProperty.*"; 130 permission java.security.SecurityPermission 131 "getProperty.auth.login.defaultCallbackHandler"; 132 permission java.security.SecurityPermission "authProvider.*"; 133 // Needed for reading PKCS11 config file and NSS library check 134 permission java.io.FilePermission "<<ALL FILES>>", "read"; 135 }; 136 137 grant codeBase "jrt:/jdk.desktop" { 138 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.awt"; 139 }; 140 141 grant codeBase "jrt:/jdk.dynalink" { 142 permission java.security.AllPermission; 143 }; 144 145 grant codeBase "jrt:/jdk.incubator.httpclient" { 146 }; 147 148 grant codeBase "jrt:/jdk.internal.le" { 149 permission java.security.AllPermission; 150 }; 151 152 grant codeBase "jrt:/jdk.internal.vm.compiler" { 153 permission java.security.AllPermission; 154 }; 155 156 grant codeBase "jrt:/jdk.jsobject" { 157 permission java.security.AllPermission; 158 }; 159 160 grant codeBase "jrt:/jdk.localedata" { 161 permission java.lang.RuntimePermission "accessClassInPackage.sun.text.*"; 162 permission java.lang.RuntimePermission "accessClassInPackage.sun.util.*"; 163 }; 164 165 grant codeBase "jrt:/jdk.naming.dns" { 166 permission java.security.AllPermission; 167 }; 168 169 grant codeBase "jrt:/jdk.scripting.nashorn" { 170 permission java.security.AllPermission; 171 }; 172 173 grant codeBase "jrt:/jdk.scripting.nashorn.shell" { 174 permission java.security.AllPermission; 175 }; 176 177 grant codeBase "jrt:/jdk.security.auth" { 178 permission java.security.AllPermission; 179 }; 180 181 grant codeBase "jrt:/jdk.security.jgss" { 182 permission java.security.AllPermission; 183 }; 184 185 grant codeBase "jrt:/jdk.zipfs" { 186 permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete"; 187 permission java.lang.RuntimePermission "fileSystemProvider"; 188 permission java.util.PropertyPermission "os.name", "read"; 189 }; 190 191 // permissions needed by applications using java.desktop module 192 grant { 193 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.beans"; 194 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.beans.*"; 195 permission java.lang.RuntimePermission "accessClassInPackage.com.sun.java.swing.plaf.*"; 196 permission java.lang.RuntimePermission "accessClassInPackage.com.apple.*"; 197 };